module CookieChecker
    def self.included(base)
        base.send :helper_method, :logged_in?, :logged_out?
    end

    def logged_in?
      cookies[:auth_token] == "true"
    end

    def logged_out?
      cookies[:auth_token] == "false"
  end
  
  def admin_login
    cookies[:auth_token] = { :value => "true", :expires => 2.weeks.from_now.utc }
  end
  
  def admin_logout
    cookies[:auth_token] = { :value => "false", :expires => 2.weeks.from_now.utc }
  end
    
  def login_required
    access_denied if !logged_in?
  end

  # Redirect as appropriate when an access request fails.
  # The default action is to redirect to the login screen.
  # Override this method in your controllers if you want to have special
  # behavior in case the user is not authorized
  # to access the requested action.  For example, a popup window might
  # simply close itself.
  def access_denied
      
      respond_to do |accepts|
          accepts.html do
              redirect_to "/"
          end
          accepts.xml do
              headers["Status"]           = "Unauthorized"
              headers["WWW-Authenticate"] = %(Basic realm="Web Password")
              render :text => "Could't authenticate you", :status => '401 Unauthorized'
          end
      end
      false
  end  
end

